Assessing vulnerabilities related to and the credibility of cryptographic material in systems is a difficult problem. Many solutions attempt to evaluate various aspects of a system or protocols in isolation to identify whether vulnerabilities exist. However, aspects evaluated in isolation do not always provide a good understanding of the security or trustworthiness of a system or process. Furthermore, identifying how to improving security and/or trustworthiness is often extremely difficult given the various factors that may influence security and/or trustworthiness.